package com.project.book.order.distributed.security.order.controller;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class OrderController {

    /**
     * 流程：当携带token访问这个资源的时候，会通过远程的service去请求地址
     * http://localhost:53020/uaa/oauth/check_token校验token是否合法
     * @return
     */
    @GetMapping(value = "/r1")
    // 拥有p1权限方可访问此URL
//    @PreAuthorize("hasAnyAuthority('p1')")//也可以方法上面加注解来实现控制权限
    public String r1() {
        // 通过spring security api获取当前登录用户
        // UserDto userDto = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String username = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return username + "访问资源1";
        // return userDto.getUsername() + "访问资源1";
        // return JSON.toJSONString(userDto) + "访问资源1";
    }

    @GetMapping(value = "/r2")
    // 拥有p2权限方可访问此URL
//    @PreAuthorize("hasAnyAuthority('p2')")
    public String r2() {
//        UserDto userDto = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
//        // return userDto.getUsername() + "访问资源2";
//        return JSON.toJSONString(userDto) + "访问资源2";
        String username = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return username + "访问资源2";
    }

}